www.upload.ee/download/15721411/90123a85acde1d9791f3/Downloader2.3.exe
51.91.30.159 415 B URL www.upload.ee/download/15721411/90123a85acde1d9791f3/Downloader2.3.exe
IP 51.91.30.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (415), with no line terminators
Hash 087ab1083a66dd9dd43a285b383aec6c
e0290ce02cc721b11d51b50015e15b7c31443ec2
8d5d6b90df2019c7ed723ce88ac2634355c04688a075fc627e33298752c41fde
GET /download/15721411/90123a85acde1d9791f3/Downloader2.3.exe HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 25 Sep 2023 03:03:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 415
Connection: keep-alive
Keep-Alive: timeout=5
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
51.91.30.159 200 OK 9.0 kB URL User Request GET HTTP/1.1 www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
IP 51.91.30.159:443
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526)
Hash 1c670e436604f851b9a7693d665e1ce0
64040f2bc1fde4570a277f3d6b5a89f69dcd153c
d11a9a06dcc1c56fb19abf8e5e720a1d8f4825741396ba974c018605b4a80403
GET /files/15721411/Downloader2.3.exe.html?msg=sess_error HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/download/15721411/90123a85acde1d9791f3/Downloader2.3.exe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8984
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 25 Sep 2023 06:03:06 +0300
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1
P3P: CP="CAO PSA OUR"
Set-Cookie: lng=eng; expires=Mon, 23-Oct-2023 03:03:06 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None
Content-Encoding: gzip
www.upload.ee/static/ubr__style.css
51.91.30.159 200 OK 2.9 kB URL GET HTTP/1.1 www.upload.ee/static/ubr__style.css
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (591), with CRLF line terminators
Hash 3ba04e290212b44bcca8f10a60a4e879
a9b021c9019bdbb28250836039b2372a1b4d0f0f
f618b1c7be10c3203620d44c6f323be5b61ac10e67588d96cb69988b3173c7d2
GET /static/ubr__style.css HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:06 GMT
Content-Type: text/css
Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
ETag: W/"524e9233-25a0"
Expires: Mon, 02 Oct 2023 03:03:06 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Content-Encoding: gzip
du0pud0sdlmzf.cloudfront.net/?dupud=997369
143.204.42.159 200 OK 118 kB URL GET HTTP/2 du0pud0sdlmzf.cloudfront.net/?dupud=997369
IP 143.204.42.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 118 kB (117769 bytes)
Hash d967fcc981a50b5c33094832b0516eb6
35d10d346388cff02fbae9fea2c74c70c90d287d
b3912d8139fe16a09a7ad1d88a41a4bd87152df5eb71525762ad10c368d688a6
GET /?dupud=997369 HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 117769
date: Mon, 25 Sep 2023 03:02:49 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eiEYxaxBP4rqPIgq53tKgpe-UYe0AG4WE0QgmF_WCzgCjmDLChKfRA==
age: 17
X-Firefox-Spdy: h2
www.upload.ee/js/js__file_upload.js
51.91.30.159 200 OK 27 kB URL GET HTTP/1.1 www.upload.ee/js/js__file_upload.js
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1853)
Hash 617f6d5a2744bc8c02e3d2c67544bd68
f57c068257c8bc85644d3be1e845c36506cd4625
62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658
GET /js/js__file_upload.js HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:06 GMT
Content-Type: application/javascript
Content-Length: 27351
Last-Modified: Thu, 07 May 2020 19:13:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "5eb45dd8-6ad7"
Expires: Mon, 02 Oct 2023 03:03:06 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Accept-Ranges: bytes
www.upload.ee/images/arrow.gif
51.91.30.159 200 OK 59 B URL GET HTTP/1.1 www.upload.ee/images/arrow.gif
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type GIF image data, version 89a, 6 x 9\012- data
Hash 6675f814b94f13f91f1383707b250e36
31452650e8fce2095613a2010799bdb7548bdd51
061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411
GET /images/arrow.gif HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:06 GMT
Content-Type: image/gif
Content-Length: 59
Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "516a5775-3b"
Expires: Mon, 02 Oct 2023 03:03:06 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
www.upload.ee/images/dl_.png
51.91.30.159 200 OK 1.9 kB URL GET HTTP/1.1 www.upload.ee/images/dl_.png
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data
Hash f3e8f284a4e98cdb91b6abfc142d94a4
fa9e618c2f56bea752ddd7e45a372c5539dadda9
2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882
GET /images/dl_.png HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:06 GMT
Content-Type: image/png
Content-Length: 1900
Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "583fef57-76c"
Expires: Mon, 02 Oct 2023 03:03:06 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash b88608b884827ca0568bcc04493a2445
616920c8a98553d92775b341acbec35d70c53227
1987709f15b9c85c4062b52f1e3238a18f4277d7cc33382c355b573c30c05a8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 25 Sep 2023 03:03:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-6703115-1
142.250.74.168 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6703115-1
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (2213)
Hash db387b5c815b5f946339dea9453008cc
7b534f83538d05e7f5fbb7c6502b0a54f738621f
0980036163229e06dfdfe962019b5b5470a6ff7ed3faef55fae7c5d98f522cc0
GET /gtag/js?id=UA-6703115-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 25 Sep 2023 03:03:06 GMT
expires: Mon, 25 Sep 2023 03:03:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash b88608b884827ca0568bcc04493a2445
616920c8a98553d92775b341acbec35d70c53227
1987709f15b9c85c4062b52f1e3238a18f4277d7cc33382c355b573c30c05a8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 25 Sep 2023 03:03:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gourgoldpieceso.com/WU13YnR2chQRSQ4YLlEVaxcFASVsFyJQNiEMIRYgOCMUJiFoBFEWHT1wTltDantORAQwKUpTUio5FhYBKnBGRB03KxhfUi9wRkxHbWNEVlppawJfRX85BwMTZHxREgAtIUpTQmB4QVNEYHVAUkxr
104.21.21.130 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/WU13YnR2chQRSQ4YLlEVaxcFASVsFyJQNiEMIRYgOCMUJiFoBFEWHT1wTltDantORAQwKUpTUio5FhYBKnBGRB03KxhfUi9wRkxHbWNEVlppawJfRX85BwMTZHxREgAtIUpTQmB4QVNEYHVAUkxr
IP 104.21.21.130:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WU13YnR2chQRSQ4YLlEVaxcFASVsFyJQNiEMIRYgOCMUJiFoBFEWHT1wTltDantORAQwKUpTUio5FhYBKnBGRB03KxhfUi9wRkxHbWNEVlppawJfRX85BwMTZHxREgAtIUpTQmB4QVNEYHVAUkxr HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 25 Sep 2023 03:03:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1NVLW8pJ8Lbz81R1N%2BE24pT9h%2BYmnSV03kn4I%2BJSI%2F5Jhgl2pwItrzr6zfT3zWOLg%2FMUc5%2FWhyXA2M1JKx31v5h9soNUtP770Va%2F1WZbZDCP1mUsWpZjIPkPZAEw8VEqJroBPNR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80c0083c680156c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gourgoldpieceso.com/b0RuMENAew1DfiASNH0ZOx0vanBWFi9XBQggOHEMKxM0ARUIEUhEKgt5Vwl0W3RWFjMGIFMBe0k3GlE3GjdTAWUGKghffkkyUwFtX2pcHndJMVMBZRs0D1d+XmIeRDcDeV8GelpyXwB6V3NfA3U
104.21.21.130 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/b0RuMENAew1DfiASNH0ZOx0vanBWFi9XBQggOHEMKxM0ARUIEUhEKgt5Vwl0W3RWFjMGIFMBe0k3GlE3GjdTAWUGKghffkkyUwFtX2pcHndJMVMBZRs0D1d+XmIeRDcDeV8GelpyXwB6V3NfA3U
IP 104.21.21.130:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b0RuMENAew1DfiASNH0ZOx0vanBWFi9XBQggOHEMKxM0ARUIEUhEKgt5Vwl0W3RWFjMGIFMBe0k3GlE3GjdTAWUGKghffkkyUwFtX2pcHndJMVMBZRs0D1d+XmIeRDcDeV8GelpyXwB6V3NfA3U HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 25 Sep 2023 03:03:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NH5vKv%2BDpN37XzdAHk8ut%2FenfPnUz5z3p1QyMme3i%2BhNafNuufYDiisUyMJ4gmdHgRNoBAh2qO%2Fcw2Jl38zTdblau%2BHtfWBPeHXux%2FL7g11JYJdBpChpsjCEyTM86c4Grw4ynHUL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80c0083c981c56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
idohethisisathllea.com/M01teHlSLw4VRlJwD14MQSFQXUt1aF8+HUZ9HQ0dAz4JFBRJK0MbFVw4CR4LXCMZVhdWOUhKP1IaNQgsaSAOTj9nIiwvOgMZID4NVhQoSR5lIVRdS3UILhszcB4BMD1ndSgZAXI4JjlBUQZfLRd9f1g7PVgMOTEBBj07EzwCChcXO2QjVR42VBsMGT9EfCwfL1gZAzEtcSA8IDZLOiI2K2p8PEksVRleCC5iIBkzH3F4Ohk/CiMnPTNBHgcfKXAeGjsaZR81MSx5JCIuP0cVXxsSYiAZMzNbDy4ZE0chOxRMAB4DST1lGgYcNGIYIDYVCiAkPi9DHl9VK2QbABQ1UBs/IClLAAA5DnZ/LBY/ZgQ6EDVpGAUgH0R0HS4OFSceFxdDcDQhGgEnFzYRcRxcOSkEdTc
52.85.242.75 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/M01teHlSLw4VRlJwD14MQSFQXUt1aF8+HUZ9HQ0dAz4JFBRJK0MbFVw4CR4LXCMZVhdWOUhKP1IaNQgsaSAOTj9nIiwvOgMZID4NVhQoSR5lIVRdS3UILhszcB4BMD1ndSgZAXI4JjlBUQZfLRd9f1g7PVgMOTEBBj07EzwCChcXO2QjVR42VBsMGT9EfCwfL1gZAzEtcSA8IDZLOiI2K2p8PEksVRleCC5iIBkzH3F4Ohk/CiMnPTNBHgcfKXAeGjsaZR81MSx5JCIuP0cVXxsSYiAZMzNbDy4ZE0chOxRMAB4DST1lGgYcNGIYIDYVCiAkPi9DHl9VK2QbABQ1UBs/IClLAAA5DnZ/LBY/ZgQ6EDVpGAUgH0R0HS4OFSceFxdDcDQhGgEnFzYRcRxcOSkEdTc
IP 52.85.242.75:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3008), with no line terminators
Hash 3e3f9f74df5d33d8cc768854af58aecf
efc27bfd92dfc0a14a5a912945219fa7b734a746
1a7923ee92b7752229a7720e9f9203c70bea9cc980c25e23ab3bd2d956401cf5
GET /M01teHlSLw4VRlJwD14MQSFQXUt1aF8+HUZ9HQ0dAz4JFBRJK0MbFVw4CR4LXCMZVhdWOUhKP1IaNQgsaSAOTj9nIiwvOgMZID4NVhQoSR5lIVRdS3UILhszcB4BMD1ndSgZAXI4JjlBUQZfLRd9f1g7PVgMOTEBBj07EzwCChcXO2QjVR42VBsMGT9EfCwfL1gZAzEtcSA8IDZLOiI2K2p8PEksVRleCC5iIBkzH3F4Ohk/CiMnPTNBHgcfKXAeGjsaZR81MSx5JCIuP0cVXxsSYiAZMzNbDy4ZE0chOxRMAB4DST1lGgYcNGIYIDYVCiAkPi9DHl9VK2QbABQ1UBs/IClLAAA5DnZ/LBY/ZgQ6EDVpGAUgH0R0HS4OFSceFxdDcDQhGgEnFzYRcRxcOSkEdTc HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1164
date: Mon, 25 Sep 2023 03:03:07 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: tTXckL_SRiBpVL7v8MCLHutWqGP2wSG-padfq7XxgIVbeoIDiC0mTw==
X-Firefox-Spdy: h2
idohethisisathllea.com/YnR0Q1cDFhcuaANJFmUiEBhJZmUkUUYFMxdEBDYzUgcQLzoYElogOw0BECUlDRoAbTkHAFFxEVAXIi8iMxkXEBkFNR8UFjcDNy1uByczdjYBRTobGhpEAAAGJB82NGMsJzcCJyA2QCkxGhtAAmcaBCcAYyU8DnYDODU9JRgOOg4SBSNNMAtuNiINczIuJQwOGyMTRQU/VgUyBwYtMyx7NStFGyAZCiUGAC9SQCdwFgomPCcyOEUiATQwLg4VOzAFOAQzNCUgFh8uNj0JMSQMDQtnDgI5GwU2IjMsJDhFIgEcGhwaFRMgGywtIyglLAEbATIXFAcjWUQzFCQmBggfICwlBDsHF0UnFgQyDDoWMBMGAC4zPTcbLwE2MhkWAzE2OgYzJh8bIEQeByw5EkkdDz1bDTMFLjA
52.85.242.75 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/YnR0Q1cDFhcuaANJFmUiEBhJZmUkUUYFMxdEBDYzUgcQLzoYElogOw0BECUlDRoAbTkHAFFxEVAXIi8iMxkXEBkFNR8UFjcDNy1uByczdjYBRTobGhpEAAAGJB82NGMsJzcCJyA2QCkxGhtAAmcaBCcAYyU8DnYDODU9JRgOOg4SBSNNMAtuNiINczIuJQwOGyMTRQU/VgUyBwYtMyx7NStFGyAZCiUGAC9SQCdwFgomPCcyOEUiATQwLg4VOzAFOAQzNCUgFh8uNj0JMSQMDQtnDgI5GwU2IjMsJDhFIgEcGhwaFRMgGywtIyglLAEbATIXFAcjWUQzFCQmBggfICwlBDsHF0UnFgQyDDoWMBMGAC4zPTcbLwE2MhkWAzE2OgYzJh8bIEQeByw5EkkdDz1bDTMFLjA
IP 52.85.242.75:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013), with no line terminators
Hash a65c2b921052e23337a44e256d9de008
511b0980883bd796bd9ec540579dc7c1a8bc5ff6
802a2bc7a057b0d309d170fac46e8163ef2cc3ec0caa4b54b74752517315320a
GET /YnR0Q1cDFhcuaANJFmUiEBhJZmUkUUYFMxdEBDYzUgcQLzoYElogOw0BECUlDRoAbTkHAFFxEVAXIi8iMxkXEBkFNR8UFjcDNy1uByczdjYBRTobGhpEAAAGJB82NGMsJzcCJyA2QCkxGhtAAmcaBCcAYyU8DnYDODU9JRgOOg4SBSNNMAtuNiINczIuJQwOGyMTRQU/VgUyBwYtMyx7NStFGyAZCiUGAC9SQCdwFgomPCcyOEUiATQwLg4VOzAFOAQzNCUgFh8uNj0JMSQMDQtnDgI5GwU2IjMsJDhFIgEcGhwaFRMgGywtIyglLAEbATIXFAcjWUQzFCQmBggfICwlBDsHF0UnFgQyDDoWMBMGAC4zPTcbLwE2MhkWAzE2OgYzJh8bIEQeByw5EkkdDz1bDTMFLjA HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1168
date: Mon, 25 Sep 2023 03:03:07 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: p6Zlf9-jOpfzSNqLw72WtVwv3pudfbZt2ZZap4tBCBocVRog3kqbxA==
X-Firefox-Spdy: h2
gourgoldpieceso.com/Wm5CbEx1USEfcQkmLh8oHQI1P31rKhoCdQo2B10vPAU6CR4MHWQYJT5Te1V7bl92SjwzCn9daikaIxg5KVNzSiU0CC1RaixTc0J/bkBxWGJqSDdRfXwaMg0rZ19kHDguAn9demNbdF18Y1Z1XXVt
104.21.21.130 204 No Content 0 B URL GET HTTP/2 gourgoldpieceso.com/Wm5CbEx1USEfcQkmLh8oHQI1P31rKhoCdQo2B10vPAU6CR4MHWQYJT5Te1V7bl92SjwzCn9daikaIxg5KVNzSiU0CC1RaixTc0J/bkBxWGJqSDdRfXwaMg0rZ19kHDguAn9demNbdF18Y1Z1XXVt
IP 104.21.21.130:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Wm5CbEx1USEfcQkmLh8oHQI1P31rKhoCdQo2B10vPAU6CR4MHWQYJT5Te1V7bl92SjwzCn9daikaIxg5KVNzSiU0CC1RaixTc0J/bkBxWGJqSDdRfXwaMg0rZ19kHDguAn9demNbdF18Y1Z1XXVt HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 25 Sep 2023 03:03:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIkRtPIdCUh7%2Be4%2FGKufrJq67B7rj34hpw5DOS5n%2B59M4isGlZZFMv40LyOGp4Tetr%2FJdE9lL5pQE9ziJhbLT6Pc9uMvdgrgxubaHY29tOARBhG8fZEut5TkmpKclniuuyWSiy6t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80c0083ce84156c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
idohethisisathllea.com/d1FxeUUWMxIUehZsE18wBT1MXHcxdEM/IQJhAQwhRyIVFSgNN18aKRgkFR83GD8FVysSJVRLAx0cJyw/OBUZKgobYBQ7dSJpJw4QNRI2MAQzNjQhFUcTKS8uMT4mFxw1ACMNdxI/KzUEIQAhLQAlKyNJDxQVNiwTIRcdHwgQZRQhE09jNR4uEgQ1Pxc1AAYhDCIfKSwyADYnLHw9CRgjDyM9NyMmRwsrOxMAZyIvAyIJJSgSND9FPCAAHBU6IjFoIg4uPRc2Iz0/AB47CiEhJi0QGyYwKC02EiY3NjM2BiwfGRQVOiIyPyMrdTsyNigBNgMoOyM1fCgyBjEIBiwDOQk3PiFGEhYeBC0APDMGNhMGOBQfNCY6ISAJHR0PFBA3XHc1EiA7Lj8AFhwXMDYyXy8EPh8JeB4fSAkLMhM/AxEQZgUM
52.85.242.75 200 OK 1.2 kB URL GET HTTP/2 idohethisisathllea.com/d1FxeUUWMxIUehZsE18wBT1MXHcxdEM/IQJhAQwhRyIVFSgNN18aKRgkFR83GD8FVysSJVRLAx0cJyw/OBUZKgobYBQ7dSJpJw4QNRI2MAQzNjQhFUcTKS8uMT4mFxw1ACMNdxI/KzUEIQAhLQAlKyNJDxQVNiwTIRcdHwgQZRQhE09jNR4uEgQ1Pxc1AAYhDCIfKSwyADYnLHw9CRgjDyM9NyMmRwsrOxMAZyIvAyIJJSgSND9FPCAAHBU6IjFoIg4uPRc2Iz0/AB47CiEhJi0QGyYwKC02EiY3NjM2BiwfGRQVOiIyPyMrdTsyNigBNgMoOyM1fCgyBjEIBiwDOQk3PiFGEhYeBC0APDMGNhMGOBQfNCY6ISAJHR0PFBA3XHc1EiA7Lj8AFhwXMDYyXy8EPh8JeB4fSAkLMhM/AxEQZgUM
IP 52.85.242.75:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3024), with no line terminators
Hash 264e233723adc0b00fed0f40c2873281
821d95c5de51d6789855471680a72ef6bec9856d
b657276ea50120b3e20aced260d715bbb2ab9d256c343c012681659f186c505b
GET /d1FxeUUWMxIUehZsE18wBT1MXHcxdEM/IQJhAQwhRyIVFSgNN18aKRgkFR83GD8FVysSJVRLAx0cJyw/OBUZKgobYBQ7dSJpJw4QNRI2MAQzNjQhFUcTKS8uMT4mFxw1ACMNdxI/KzUEIQAhLQAlKyNJDxQVNiwTIRcdHwgQZRQhE09jNR4uEgQ1Pxc1AAYhDCIfKSwyADYnLHw9CRgjDyM9NyMmRwsrOxMAZyIvAyIJJSgSND9FPCAAHBU6IjFoIg4uPRc2Iz0/AB47CiEhJi0QGyYwKC02EiY3NjM2BiwfGRQVOiIyPyMrdTsyNigBNgMoOyM1fCgyBjEIBiwDOQk3PiFGEhYeBC0APDMGNhMGOBQfNCY6ISAJHR0PFBA3XHc1EiA7Lj8AFhwXMDYyXy8EPh8JeB4fSAkLMhM/AxEQZgUM HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1178
date: Mon, 25 Sep 2023 03:03:07 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 4YSP6YTyeclBtsjiAGwO0OBYlU5slEpefp5hghkgTPJ085TluAsGgg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 3b7403306365b481a905b872a4a8fe8d
848d8b54a1b0fa0f473fe13bbabcb7872c0a6067
f7ffcd2b2deb0aafb5ab3eca136e1bfa6560686bf31f6982afeb0535dfd70bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 25 Sep 2023 03:03:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
142.250.74.168 200 OK 86 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (3034)
Hash d59092a00abc65d753f586eb2085688f
8c5b1f4ea9c2dbe53ffc531a9086b7d88ee5051d
2fac8ba5fbbfc34ebd18e7a5ea735fbfdaf092f6a0d6e3756534916b8277a68d
GET /gtag/js?id=G-LT9YQX0N49&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 25 Sep 2023 03:03:07 GMT
expires: Mon, 25 Sep 2023 03:03:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85873
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.upload.ee/favicon.ico
51.91.30.159 200 OK 1.2 kB URL GET HTTP/1.1 www.upload.ee/favicon.ico
IP 51.91.30.159:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer DigiCert, Inc.
Subject www.upload.ee
Fingerprint 50:32:93:34:C8:04:2F:84:49:77:0D:C4:DD:CA:79:C9:CB:3E:C0:F4
Validity Thu, 02 Mar 2023 00:00:00 GMT - Mon, 01 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash f299cf2e651c19e48d27900ced493ccb
c2d1086d517d7a26292e0d7b32da7c55b166c23b
115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1
GET /favicon.ico HTTP/1.1
Host: www.upload.ee
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Cookie: lng=eng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 25 Sep 2023 03:03:07 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Tue, 16 Dec 2008 17:17:25 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "4947e2a5-47e"
Expires: Mon, 02 Oct 2023 03:03:07 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.211.13 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:vxYQ6pM86cx1mncABE5IirXwOnKlFg:DlnOCj89Nfzz1ZCe; Expires=Wed, 24-Sep-2025 03:03:07 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:07 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhf_A2pqwDzli9PvADW6ahH0OnzabydcD3wUUgGAO7-9-wPkDp_ldpV1p9CFwhDDTfV28W_swQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-HqbQ9PvSzIEtKJcz1_RqaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.211.13 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 2F:C1:71:0A:05:D9:0F:38:EF:D1:16:F7:50:AF:41:48:6B:F9:BA:B5
Validity Mon, 04 Sep 2023 08:23:30 GMT - Mon, 27 Nov 2023 08:23:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:3Uxse0Z3XXgvnW9a5IWCaSlFg-m-Vw:DrauQkIYoNK1FF1m; Expires=Wed, 24-Sep-2025 03:03:07 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:07 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcqCp8JCgzAKgAu3vbDRJDstkCipgeDsfCmRyCO6LDgInr4pcvvSkPFJXuXm95aOGfRxF6Q_g
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-0jGQ9wmrhY1PT3SfO1P0Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
idohethisisathllea.com/utx?cb=MlhaTVmuuHND&top=www.upload.ee&tid=997414
52.85.242.75 204 No Content 0 B URL GET HTTP/2 idohethisisathllea.com/utx?cb=MlhaTVmuuHND&top=www.upload.ee&tid=997414
IP 52.85.242.75:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=MlhaTVmuuHND&top=www.upload.ee&tid=997414 HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 25 Sep 2023 03:03:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 25 Sep 2023 03:04:07 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: VfCrApUB6ryii7J3gFIjgGhB1eEbYSP_-Aax9x99HPtsyW_iE3mkGQ==
X-Firefox-Spdy: h2
idohethisisathllea.com/utx?cb=l4b9hkDwIPXa&top=www.upload.ee&tid=997369
52.85.242.75 204 No Content 0 B URL GET HTTP/2 idohethisisathllea.com/utx?cb=l4b9hkDwIPXa&top=www.upload.ee&tid=997369
IP 52.85.242.75:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Amazon
Subject idohethisisathllea.com
Fingerprint 85:DD:DD:23:88:CB:8B:EE:0A:E8:28:AD:8D:6A:15:CA:6B:85:DA:DF
Validity Wed, 13 Sep 2023 00:00:00 GMT - Fri, 11 Oct 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=l4b9hkDwIPXa&top=www.upload.ee&tid=997369 HTTP/1.1
Host: idohethisisathllea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 25 Sep 2023 03:03:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload.ee
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 25 Sep 2023 03:04:07 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: wJgQnr1eD7myjuSj1hc-Gl323895cmFUcAzKaj-ghxHcpjDqDuD7Ow==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 8b73efbd091b4679b9c7e8827650a8a1
050808743dbb64f3ceb2c6449a3a6b30d5a9a4e0
f0650f0c5b63e420109a8fca37be24b55a36f9708d66b3d3cb0b8d07621d63d0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 25 Sep 2023 03:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
du0pud0sdlmzf.cloudfront.net/2cVluQmcSNgAkWAUwCn9eSG5ac1NXMx0tCQFkBw4NSCApBB4jfxo4A0xpSC4GHz5TZAIfOlNzQRA9DH9TVy0eLQxMLAg1Fh4qFDQOGX8bI1ocNhQrCx04S3AhRHdeZ1VBcRZzVlRqLGdVQTUHLBIJfFxyH0lvMXRTVGosZ1VBKxhnVDBoXntJQXBLcFcWPA-0pCFRrKHBXQGlec1dAfFxyARgrCyQICXxcBFZAaEByQQRkXw
143.204.42.159 575 B URL du0pud0sdlmzf.cloudfront.net/2cVluQmcSNgAkWAUwCn9eSG5ac1NXMx0tCQFkBw4NSCApBB4jfxo4A0xpSC4GHz5TZAIfOlNzQRA9DH9TVy0eLQxMLAg1Fh4qFDQOGX8bI1ocNhQrCx04S3AhRHdeZ1VBcRZzVlRqLGdVQTUHLBIJfFxyH0lvMXRTVGosZ1VBKxhnVDBoXntJQXBLcFcWPA-0pCFRrKHBXQGlec1dAfFxyARgrCyQICXxcBFZAaEByQQRkXw
IP 143.204.42.159:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (805), with no line terminators
Hash b6d7fa2782dffc7dbe5f37c9aeb537d2
20253368c344a9cd831926ce18b3e6efbc09d2da
fae46a578c806d1776760fc0a9f8b1d6e30e47453eab33117c5d6e130e47f658
GET /2cVluQmcSNgAkWAUwCn9eSG5ac1NXMx0tCQFkBw4NSCApBB4jfxo4A0xpSC4GHz5TZAIfOlNzQRA9DH9TVy0eLQxMLAg1Fh4qFDQOGX8bI1ocNhQrCx04S3AhRHdeZ1VBcRZzVlRqLGdVQTUHLBIJfFxyH0lvMXRTVGosZ1VBKxhnVDBoXntJQXBLcFcWPA-0pCFRrKHBXQGlec1dAfFxyARgrCyQICXxcBFZAaEByQQRkXw HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 575
date: Mon, 25 Sep 2023 03:03:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aLV6fqm36zKXz0MvVx3l0gHy2AuH4gZRu45sc7SIxfWSFmQCTSPSpA==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhf_A2pqwDzli9PvADW6ahH0OnzabydcD3wUUgGAO7-9-wPkDp_ldpV1p9CFwhDDTfV28W_swQ
216.58.211.13 302 Found 402 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhf_A2pqwDzli9PvADW6ahH0OnzabydcD3wUUgGAO7-9-wPkDp_ldpV1p9CFwhDDTfV28W_swQ
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (394)
Hash 029b2b73e4bd31b6d8b6827f06c742ab
27b744055f65f3212d67acf8831950702b42ff99
571c36e9b3aa05a8e64f28613056e9e37172eeb3fa1aaf16d9763dbefbacd47f
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AYZoVhf_A2pqwDzli9PvADW6ahH0OnzabydcD3wUUgGAO7-9-wPkDp_ldpV1p9CFwhDDTfV28W_swQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:mpTyJjoaLLhewi6YPSOxZEGcio4l5g:CdKfjbDmUU6S9ALA;Path=/;Expires=Wed, 24-Sep-2025 03:03:08 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:08 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdUSDIybP8BWoJHBWowpRYDQdxwH8IxFzfO5PVuk9STSJ2qSMHrfQh2iqCsN9OoHNx6gnr4QA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S587422129%3A1695610988332595&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-b6CVjALxYZw70nsBx9cYwQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcqCp8JCgzAKgAu3vbDRJDstkCipgeDsfCmRyCO6LDgInr4pcvvSkPFJXuXm95aOGfRxF6Q_g
216.58.211.13 302 Found 408 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcqCp8JCgzAKgAu3vbDRJDstkCipgeDsfCmRyCO6LDgInr4pcvvSkPFJXuXm95aOGfRxF6Q_g
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Hash 5bf22aafe5e479696d6051b280880ccc
50785608b4224b3d27e1fb819ee90c5900a2e0f1
d29e0424e752d413df33b326c3841a48068b13b0312ca5f5f459867986c1c3eb
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AYZoVhcqCp8JCgzAKgAu3vbDRJDstkCipgeDsfCmRyCO6LDgInr4pcvvSkPFJXuXm95aOGfRxF6Q_g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:8iEyneK1ilivN6t9MvwYAHEkk3KIKg:IvOUB0z4bKyvVPxS;Path=/;Expires=Wed, 24-Sep-2025 03:03:08 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:08 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdEYFAOobhn-gsffZIkxWUXgzguTKrjCxDqTXpypHtTJPuMyYl3vmTj82QD3-tVhQuQbQCYbA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1292282175%3A1695610988339643&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-RmAe4hFLQhv36G73WfzlYw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 408
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
du0pud0sdlmzf.cloudfront.net/jMVUzODhSOl1eB0U8VwUBCGIADgEXP0BXVkFoWnYBQRt2enZLAVQPTERzR0JcDGUVVFlfMg4eXV82DgkeUDFRBQwXIUNXUwwgVU9JXiZJTlFZc0ZZBVw6SVFUXTQWCn4EewMdCgF9SwkJFGZxHQoBOVpWTUlwAQhACWNsDgwUZnEdCgEnRR0LcGQDARYBfB-YKCFYwUFNXFGd1CggAZQMJCABwAQheWCdWXldJcAF+CQBkHQgeRGgC
143.204.42.159 614 B URL du0pud0sdlmzf.cloudfront.net/jMVUzODhSOl1eB0U8VwUBCGIADgEXP0BXVkFoWnYBQRt2enZLAVQPTERzR0JcDGUVVFlfMg4eXV82DgkeUDFRBQwXIUNXUwwgVU9JXiZJTlFZc0ZZBVw6SVFUXTQWCn4EewMdCgF9SwkJFGZxHQoBOVpWTUlwAQhACWNsDgwUZnEdCgEnRR0LcGQDARYBfB-YKCFYwUFNXFGd1CggAZQMJCABwAQheWCdWXldJcAF+CQBkHQgeRGgC
IP 143.204.42.159:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (878), with no line terminators
Hash 61dec88bfad2d7f6ec6f560eb9e847cd
7924e8d868b13e791ef6038ca76eac9c0b9a7487
3b3ab5dbc13d0cfcdf4cc16527fe660648544d3dfa963fdb121c365fe116cdc9
GET /jMVUzODhSOl1eB0U8VwUBCGIADgEXP0BXVkFoWnYBQRt2enZLAVQPTERzR0JcDGUVVFlfMg4eXV82DgkeUDFRBQwXIUNXUwwgVU9JXiZJTlFZc0ZZBVw6SVFUXTQWCn4EewMdCgF9SwkJFGZxHQoBOVpWTUlwAQhACWNsDgwUZnEdCgEnRR0LcGQDARYBfB-YKCFYwUFNXFGd1CggAZQMJCABwAQheWCdWXldJcAF+CQBkHQgeRGgC HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 614
date: Mon, 25 Sep 2023 03:03:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 63k_QXs2iy0l8j_UlHyjiJZh2KxO81hQM-VPOrNdoKmw_pQ1XvTcSw==
X-Firefox-Spdy: h2
du0pud0sdlmzf.cloudfront.net/aWXpUZmc6FToAWC0TMFteYE1gVl9/ECcJCSlHDT8EaxAuKA8bK2UnN25CDkATIx5pVkE1GzoBWn8fOgVaaFw1AgVkTnITBmQXOxwONRY1Q1UfT3pWQmtKfB5WaF9nJEJrSjgPCSwCcVRXIUJiOVFtX2ckQmtKJhBCajtlVl53Sn1DVWkdMQUMNl9mIFVpS2-RWVmlLcVRXPxMmAwE2AnFUIWhLZUhXfw9pVw
143.204.42.159 201 B URL du0pud0sdlmzf.cloudfront.net/aWXpUZmc6FToAWC0TMFteYE1gVl9/ECcJCSlHDT8EaxAuKA8bK2UnN25CDkATIx5pVkE1GzoBWn8fOgVaaFw1AgVkTnITBmQXOxwONRY1Q1UfT3pWQmtKfB5WaF9nJEJrSjgPCSwCcVRXIUJiOVFtX2ckQmtKJhBCajtlVl53Sn1DVWkdMQUMNl9mIFVpS2-RWVmlLcVRXPxMmAwE2AnFUIWhLZUhXfw9pVw
IP 143.204.42.159:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 871d0a267ee1c47e54c6fa78d1168c6b
a7befaece95971ba2bf932c6a50c68e098d88bb9
0add0c447331c901c042d05da0fdc705ece2dc430103f959b441deb7764653c7
GET /aWXpUZmc6FToAWC0TMFteYE1gVl9/ECcJCSlHDT8EaxAuKA8bK2UnN25CDkATIx5pVkE1GzoBWn8fOgVaaFw1AgVkTnITBmQXOxwONRY1Q1UfT3pWQmtKfB5WaF9nJEJrSjgPCSwCcVRXIUJiOVFtX2ckQmtKJhBCajtlVl53Sn1DVWkdMQUMNl9mIFVpS2-RWVmlLcVRXPxMmAwE2AnFUIWhLZUhXfw9pVw HTTP/1.1
Host: du0pud0sdlmzf.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://idohethisisathllea.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 201
date: Mon, 25 Sep 2023 03:03:08 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uQSs1gZZjlMUM7uefdZT4uVeP0bBJqFhDqK84MAV17SzwUJX50kzig==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdEYFAOobhn-gsffZIkxWUXgzguTKrjCxDqTXpypHtTJPuMyYl3vmTj82QD3-tVhQuQbQCYbA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1292282175%3A1695610988339643&theme=glif
216.58.211.13 403 Forbidden 2.5 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdEYFAOobhn-gsffZIkxWUXgzguTKrjCxDqTXpypHtTJPuMyYl3vmTj82QD3-tVhQuQbQCYbA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1292282175%3A1695610988339643&theme=glif
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1656)
Hash 5d1e9aaf18fade5c3cab011de1013f65
ed2670da7d86e86b7179b4c3da9a75db8fe09bb4
b99b712c4f91135b8f867a39c30a718cd9a111bbebaababd5393b19289c6d190
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdEYFAOobhn-gsffZIkxWUXgzguTKrjCxDqTXpypHtTJPuMyYl3vmTj82QD3-tVhQuQbQCYbA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1292282175%3A1695610988339643&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-kPIZMnAp5AI2ZQb-uXDhSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bepolite.eu/scripts/saresponsive.js
212.47.222.20 200 OK 177 kB URL GET HTTP/2 static.bepolite.eu/scripts/saresponsive.js
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type ASCII text, with very long lines (32077), with CRLF line terminators
Size 177 kB (176967 bytes)
Hash 636b4ad7f97aa55c2242b396fe3e9f44
b4d6aae9e6f3de7fb4478f9ee5e12a8141bb02ba
54f7e44d9e8b65978b3753e157c4a3c9c338645fcc31429f6c49aca5e4bd1c62
GET /scripts/saresponsive.js HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
accept-ranges: bytes
etag: "2214182483"
last-modified: Sun, 17 Sep 2023 21:45:34 GMT
content-length: 176967
date: Mon, 25 Sep 2023 03:02:53 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 540183562
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/f7d1db69-0d59-488c-94be-6782379745ac/Kodukiri300x250px.gif
212.47.222.20 200 OK 63 kB URL GET HTTP/2 static.bepolite.eu/banners/f7d1db69-0d59-488c-94be-6782379745ac/Kodukiri300x250px.gif
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type GIF image data, version 89a, 300 x 250\012- data
Hash 05c0ac2617c2acbc02419f4c42656467
93311484158f3133ed138d7161c4805f00bb92e8
7b199df73fecd0114b77292494d5721bf127236d8c7e84018d292fb5ce6853fe
GET /banners/f7d1db69-0d59-488c-94be-6782379745ac/Kodukiri300x250px.gif HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
etag: "1242589003"
last-modified: Fri, 01 Sep 2023 10:25:01 GMT
content-length: 63120
date: Mon, 25 Sep 2023 02:55:05 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 540183565
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/banners/8697e2eb-1e52-44ec-b3c9-5713b3ac57a9/AllMediaDigital_ee_1000x300_september-CPC_tag1.jpg
212.47.222.20 200 OK 99 kB URL GET HTTP/2 static.bepolite.eu/banners/8697e2eb-1e52-44ec-b3c9-5713b3ac57a9/AllMediaDigital_ee_1000x300_september-CPC_tag1.jpg
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1000x300, components 3\012- data
Hash 9c63de4c3b8d6926ff569914e4880a93
fdea43faeada25faa5838b0b83de817a18659e64
fa200433e61842e41b8124306b441bfd067cb9111d625c969fc8ea715ecc11fc
GET /banners/8697e2eb-1e52-44ec-b3c9-5713b3ac57a9/AllMediaDigital_ee_1000x300_september-CPC_tag1.jpg HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
accept-ranges: bytes
etag: "3836968583"
last-modified: Wed, 20 Sep 2023 12:50:02 GMT
content-length: 99312
date: Mon, 25 Sep 2023 03:02:31 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 535119802
age: 0
X-Firefox-Spdy: h2
static.bepolite.eu/files/close-gray.png
212.47.222.20 200 OK 1.5 kB URL GET HTTP/2 static.bepolite.eu/files/close-gray.png
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 41d9676ab94bece3f7a549b4769ddbe2
521f14490fc57fea51e2e5bf00e2299dce51561b
c2f89787bda82263fceb9ec11d398fa83a5f22abf248956df29bdee2987d2f34
GET /files/close-gray.png HTTP/1.1
Host: static.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
accept-ranges: bytes
etag: "801691811"
last-modified: Fri, 08 Apr 2022 18:07:56 GMT
content-length: 1497
date: Mon, 25 Sep 2023 03:02:53 GMT
cache-control: must-revalidate, private
expires: -1
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 524151802
age: 0
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=623764987757d0497f87ee975a1513be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 25 Sep 2023 03:02:53 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 471449060
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=623764987757d0497f87ee975a1513be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 25 Sep 2023 03:02:53 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 538180938
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2X6BWHRjfv1Z5iToAl2gYjK7yYtiC-tzB_m4v_6VWYnrmWXYaeIJDwEH48Yxv20n7a5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=623764987757d0497f87ee975a1513be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 25 Sep 2023 03:02:54 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 538730968
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
212.47.222.20 200 OK 0 B URL GET HTTP/2 serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA
IP 212.47.222.20:443
ASN #3327 CITIC Telecom CPC Netherlands B.V.
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?key=FYFWuDany3hwv6rfuoAYF5AYrOegjrzW3oZZ6Nmzd15KEUbyQ433pKsybHiAXrzCEL0OMvsHGAf5P4DT5_ObGAEsp2rSwKaJIMs8V0K2Ke3g73JVtaGDB4iXKQtkI8cRS3xlegy6rIF8ZGl8ihWo5mpUEXOWLai8TRMmBokftwHzp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-3DqFN2hxVwm3uz7abdjRfZutkHbcR5RCx3rCZYeJ8MH1Pr4lwDE0BxiihjhyIM28fa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Cookie: bepolite_id=623764987757d0497f87ee975a1513be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Mon, 25 Sep 2023 03:02:55 GMT
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 540183586
age: 0
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 26 B
IP 172.64.133.29:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 698c62d42834055a79eb3263df7e7154
596724fb90bb810e5fb8213e2724c3dfe8ed788b
f3fe69298de4128051af03f7bb95ccaf4388575d019617e3333aaf6195f92900
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 25 Sep 2023 03:03:07 GMT
content-type: text/plain
set-cookie: csu=895768787125585@1@1695610987; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbwyUb6ghKgQILPCm0UArFp%2Fgzp68kw76aV1mFYhcWFrZw4ogNlo3KwPGc5jsVQOksADHRIw1c28lbX9EPDGktveTAF%2BVQjhlfUNlCii87nCknBmqW2dwh7PWb5ly3rk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80c008416da923b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gourgoldpieceso.com/popunder.gif
104.21.21.130 200 OK 35 B URL GET HTTP/3 gourgoldpieceso.com/popunder.gif
IP 104.21.21.130:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject gourgoldpieceso.com
Fingerprint 2F:6C:A4:39:D1:55:B5:C3:E1:69:AB:2B:9A:94:A6:6C:EA:FB:0A:F9
Validity Wed, 13 Sep 2023 06:21:57 GMT - Tue, 12 Dec 2023 06:21:56 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: gourgoldpieceso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 25 Sep 2023 03:03:08 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 124693
last-modified: Sat, 23 Sep 2023 16:24:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJzLN8vHM7ojL74WSac03SYMd5FbaGtaGW5gPfpFAHa694SRuJlkHoIZI0%2BDIkUm1dWD7fhzQGGxdcGl9c5%2F9FZ%2FYfxuHScHxBBucHSjVGNQk1wZiSltEsLzQToP4mVb2xB%2BlyFl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80c008447b0656c6-OSL
alt-svc: h3=":443"; ma=86400
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 102 kB
IP 172.64.133.29:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 25 Sep 2023 03:03:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1073
last-modified: Mon, 25 Sep 2023 02:45:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1J0LM6%2F0za%2FG%2FBplD1EgQ6iCCYR3to19BzL33S%2BCgF41RZzv5DMmExBaUI5aWK%2BUvpdFJbFO9s4rcpd%2F0XU5DJhDA1XteC1NURQTqGezdYaTz6PBCqUqNPkqKZBnMw9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80c008417db523b3-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=1357993&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15721411%2F90123a85acde1d9791f3%2FDownloader2.3.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15721411%2FDownloader2.3.exe.html%3Fmsg%3Dsess_error&rnd=1695610987052
0.0.0.0 0 B URL GET serving.bepolite.eu/script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=1357993&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15721411%2F90123a85acde1d9791f3%2FDownloader2.3.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15721411%2FDownloader2.3.exe.html%3Fmsg%3Dsess_error&rnd=1695610987052
IP 0.0.0.0:0
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Let's Encrypt
Subject static.bepolite.eu
Fingerprint B7:1B:BB:35:5B:E5:6E:92:4D:DE:79:2E:0E:C8:1F:0D:CE:28:88:FD
Validity Mon, 04 Sep 2023 21:06:47 GMT - Sun, 03 Dec 2023 21:06:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script?space=50dd7b0f-4105-441f-8f60-18cc3fcb090c&type=direct&page_id=1357993&screen_width=1280&screen_height=1024&os=Linux%20x86_64&refurl=https%3A%2F%2Fwww.upload.ee%2Fdownload%2F15721411%2F90123a85acde1d9791f3%2FDownloader2.3.exe&pageurl=https%3A%2F%2Fwww.upload.ee%2Ffiles%2F15721411%2FDownloader2.3.exe.html%3Fmsg%3Dsess_error&rnd=1695610987052 HTTP/1.1
Host: serving.bepolite.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.upload.ee/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, must-revalidate, max-age=0
vary: accept-encoding
content-encoding: gzip
content-type: text/plain;charset=ISO-8859-1
date: Mon, 25 Sep 2023 03:02:52 GMT
set-cookie: bepolite_id=623764987757d0497f87ee975a1513be; Max-Age=7776000; Expires=Sun, 24-Dec-2023 03:02:53 GMT; SameSite=None; Secure
p3p: CP='BePolite does not have a P3P policy'
x-varnish: 540183559
age: 0
accept-ranges: bytes
content-length: 1661
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.133.29 200 OK 26 B
IP 172.64.133.29:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash f73fdca47d4b4aa995dcf22a83b2d8a7
dc5a9eba9eefd88ab7bb659432ceb91207eb1ef8
6a39a59afc352b7914033623719a2a753dd5eea4cf0db004085740a741839ccd
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 25 Sep 2023 03:03:07 GMT
content-type: text/plain
set-cookie: csu=941023947857166@1@1695610987; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LRkdgm2v6Hh0OdqfID%2Bmr1znojfy%2F9RdwWXzhVg2cashKcZY8LyiPmtdV531xRTh88aHe%2FzKIhMJLjYWleprtbIH19XhU6ItmMklYQOcmEQ6cxAfQTfPbpTtO6n8yBs2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80c008416daa23b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdUSDIybP8BWoJHBWowpRYDQdxwH8IxFzfO5PVuk9STSJ2qSMHrfQh2iqCsN9OoHNx6gnr4QA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S587422129%3A1695610988332595&theme=glif
216.58.211.13 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdUSDIybP8BWoJHBWowpRYDQdxwH8IxFzfO5PVuk9STSJ2qSMHrfQh2iqCsN9OoHNx6gnr4QA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S587422129%3A1695610988332595&theme=glif
IP 216.58.211.13:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint BB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4
Validity Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AYZoVhdUSDIybP8BWoJHBWowpRYDQdxwH8IxFzfO5PVuk9STSJ2qSMHrfQh2iqCsN9OoHNx6gnr4QA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S587422129%3A1695610988332595&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 25 Sep 2023 03:03:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Sk6bhuGN8jklM0KqRtVNHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 102 kB
IP 172.64.133.29:443
Requested by https://www.upload.ee/files/15721411/Downloader2.3.exe.html?msg=sess_error
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload.ee/
Origin: https://www.upload.ee
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 25 Sep 2023 03:03:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload.ee
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1073
last-modified: Mon, 25 Sep 2023 02:45:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bM6Jf%2B4kBR2F2Snr0%2Fy7xDC17MXjZ6wc29yySQ1cWuQkuJ%2FDii06NiHIFoEDZA0ppLAQIVRfIvXzJCqLk1xACrJX2g6vchUM0yncKB%2B8mSxmvLwTN758KR0OrwUYzWIT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80c008416db123b3-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2